There are many circumstances, both policy- and legislation-related, in which it may be required to retain documents for a relatively long period of time for future retrieval and review. Particularly in the case of commercial enterprises and businesses, many potentially sensitive documents are required to be retained for several years.
Traditionally, such document retention has usually been achieved by means of a paper filing system using files and filing cabinets, which may be locked or stored in a secure environment as required, with access thereto being restricted or limited to certain predetermined personnel. However, there are a number of disadvantages associated with such systems. Firstly, the physical space and resources required to adequately maintain such a storage system are often inconvenient. Secondly, in order to manage such a system practically, it is desirable to destroy or otherwise dispose of certain documents after some predetermined period of time in order to make space for more recent documents to be stored, which process can be difficult to manage methodically and consistently. Moreover, it may be desirable for certain documents to be destroyed or otherwise disposed of after a predetermined period of time to avoid leaks or compulsory disclosure of sensitive documents.
As more and more business documentation becomes computerised, the above-mentioned filing system becomes even more impractical and difficult to manage to the required standard. One specific example of digital documents and pieces of data which may exacerbate some of the problems outlined above is documents created and transmitted to one or more intended recipients via electronic mail (e-mail). Such documents are routinely stored on either the recipient's hard drive or in a central networked storage facility where they can be retained as required, and from where they can be deleted upon request. However, in most commercial environments, the computer systems are routinely and regularly backed up, in the sense that all stored data is copied to another storage medium which is usually indexed and retained so that documents can be retrieved if the main system fails for some reason. As a result, there may eventually exist a large number of copies of the same document, and it can be difficult to ensure that all of those copies are deleted or otherwise disposed of when it is required to destroy the document in question.
In general, as more commercial documentation becomes computerised, its managed retention becomes increasingly important and, as more information is retained, there exists an associated liability that confidential information can leak or be demanded in court, with embarrassing and often commercially detrimental consequences. Many archived documents need to be stored for at least 7 years for regulatory reasons and, in many cases, will never be accessed after archiving. However, their consistent and methodical management is still essential for the above-mentioned reasons amongst others.
The present invention is primarily concerned with the reduction of the risk of unnecessary leakage of sensitive information by managing the lifetime of retained data.
If confidential documents are required to be stored digitally, it will usually be necessary to encrypt such documents prior to storage to prevent unauthorised access to their contents. Digital documents can be encrypted and decrypted by cryptography, the branch of applied mathematics that concerns itself with transforming digital documents into seemingly unintelligible forms and back again. One known type of cryptography employs an algorithm using two different but mathematically related “keys”: one (the public key) for transforming data into a seemingly unintelligible form, and one (the private key) for returning the message to its original form. Although the two keys are mathematically related, if the document storage system is designed and implemented securely, it should be computationally infeasible to derive the private key from knowledge of the public key.
However, private and public keys of this type are simply n-bit numbers. As the computational and processing ability of modern systems increases over time, the number of bits used for public and private keys must be increased correspondingly, so that a “trial and error” approach (simply trying all of the possible n-bit combinations of the respective key, which could otherwise be used to decrypt data encrypted under the other key) remains computationally infeasible for current processors. For example, in recent years it has been common to employ key-based encryption/decryption systems using 56-bit keys. More recently, however, it is becoming increasingly desirable to use keys of up to 256 bits for added security.
Returning now to the problems associated with digital document storage systems: it is in many cases required to retain documents for a predetermined, relatively long period of time, but it is equally desirable to destroy, or otherwise render irretrievable, all copies of such documents after that predetermined period in order to avoid embarrassing or commercially damaging leaks or disclosure of sensitive material. Current digital storage systems do not address these issues adequately, and it is an object of the present invention to achieve the above-mentioned objectives.
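The following is an added illustration, not code from the patent and not necessarily the method the invention claims, of one way the two requirements above can be met together: each document is encrypted under its own key before it is archived, the key (rather than the ciphertext) carries the retention expiry date, and at expiry only the key is destroyed. Backup copies of the ciphertext may then exist in any number of places, but none of them can be recovered once the key is gone. The cipher used here is a deliberately simple SHA-256-based construction chosen so the example runs with the Python standard library alone; the class and method names, the 7-year retention period (taken from the text above) and the sample document are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta

# Toy authenticated stream cipher (assumption for illustration only): the keystream is
# SHA-256(key || nonce || block counter) and the tag is HMAC-SHA-256 over nonce + body.
# A production archive would use a vetted AEAD such as AES-GCM; the retention logic
# below does not depend on which cipher is chosen.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class RetentionVault:
    """Archive in which every document has its own key, and the key carries the expiry.

    Ciphertext may be copied freely (simulated backups below); destroying the key at
    expiry renders every copy, wherever it ended up, irretrievable.
    """

    def __init__(self):
        self.archive = {}   # doc_id -> ciphertext, the primary store
        self.backups = []   # list of snapshots of self.archive (simulated backup media)
        self.keys = {}      # doc_id -> (key, expiry date); the only place keys live

    def store(self, doc_id: str, plaintext: bytes, stored_on: date, retention_days: int):
        key = secrets.token_bytes(32)
        self.archive[doc_id] = encrypt(key, plaintext)
        self.keys[doc_id] = (key, stored_on + timedelta(days=retention_days))

    def run_backup(self):
        # Backup copies the ciphertext only; keys are never written to backup media.
        self.backups.append(dict(self.archive))

    def retrieve(self, doc_id: str, today: date):
        if doc_id not in self.keys:
            return None                      # key destroyed: no copy can be decrypted
        key, expiry = self.keys[doc_id]
        if today >= expiry:
            return None                      # past retention, even if purge has not run yet
        blob = self.archive.get(doc_id)
        if blob is None:                     # primary lost: fall back to a backup copy
            blob = next((b[doc_id] for b in self.backups if doc_id in b), None)
        return decrypt(key, blob) if blob is not None else None

    def purge_expired(self, today: date):
        """Destroy keys whose retention period has elapsed; returns the affected doc ids."""
        expired = [d for d, (_, exp) in self.keys.items() if today >= exp]
        for d in expired:
            del self.keys[d]
        return expired

    def ciphertext_copies(self, doc_id: str) -> int:
        return (doc_id in self.archive) + sum(doc_id in b for b in self.backups)


def demo():
    """Walk one constructed document through a 7-year retention lifetime."""
    vault = RetentionVault()
    stored_on = date(2016, 1, 4)
    vault.store("invoice-0001", b"constructed sample: invoice contents", stored_on, 7 * 365)
    vault.run_backup()
    vault.run_backup()                       # two backup generations now hold the ciphertext
    mid_life = vault.retrieve("invoice-0001", date(2020, 1, 1))
    purged_early = vault.purge_expired(date(2020, 1, 1))
    expiry = stored_on + timedelta(days=7 * 365)
    purged = vault.purge_expired(expiry)
    after = vault.retrieve("invoice-0001", expiry)
    return {"mid_life": mid_life, "purged_early": purged_early, "purged": purged,
            "after": after, "copies_remaining": vault.ciphertext_copies("invoice-0001")}


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the number of ciphertext copies is irrelevant to the destruction problem described above: `copies_remaining` stays at three after the purge, yet `retrieve` can no longer recover the document from any of them. The same holds for copies taken by any backup process that never sees the key store.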